what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-03-05

Ilch CMS 2.0 Cross Site Scripting
Posted Mar 5, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Ilch CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1944
SHA-256 | e2683c27062711597a9df12371bd0a7a61ee067fc0a9b7f5df5d8be3c8b6ab3a
HP Security Bulletin HPSBMU02933 2
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02933 2 - A potential security vulnerability has been identified with HP SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2013-4835, CVE-2013-6207
SHA-256 | 3c3fce58d5871296d934c5747bd58def4b2b1e55206ab989526989592b9fe1e7
WordPress Barclaycart Shell Upload
Posted Mar 5, 2014
Authored by eX-Sh1Ne

WordPress Barclaycart plugin suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 58557ff12c73e8f77acc73b1a87e158e79d958922d12cc5281635607469e186f
HP Security Bulletin HPSBHF02965
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02965 - A potential security vulnerability has been identified with HP Security Management System. The vulnerability could be remotely exploited to allow remote execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, remote, arbitrary
advisories | CVE-2013-6201
SHA-256 | ae08851a091ce91f4446b016984fbb54e3bc089782556844186d6daebd7da8e8
Open Supports 2.0 SQL Injection
Posted Mar 5, 2014
Authored by indoushka

Open Supports version 2.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 39c5d73c086e0f1c416ae0a90a2bcacc48e025ded4b414d20ccc44a07c834ba1
HP Security Bulletin HPSBUX02973 SSRT101455
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02973 SSRT101455 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424
SHA-256 | 1a9c8dd06ec0e2350e96252f75e11349bc19404195d5b099e09ef1a50df08f42
HP Security Bulletin HPSBUX02972 SSRT101454
Posted Mar 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02972 SSRT101454 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416
SHA-256 | 99259d174eecc0f00a31bfe3c271ae58f0bc9f924a4cf092a8c6f2d23e24da32
PHP Session Handling
Posted Mar 5, 2014
Authored by Jann Horn

PHP suffers from a user session hijacking vulnerability due to the way sessions are handled on the filesystem.

tags | advisory, php
SHA-256 | 24a591c0d3dcd52cc5ebd27e0fa5e2ca669141ab9ce9ec505ab5e11991b150d3
SFR BOX NB6-MAIN-R3.3.4 Cross Site Scripting
Posted Mar 5, 2014
Authored by alejandr0.w3b.p0wn3r

SFR ADSL/Fiber BOX version NB6-MAIN-R3.3.4 suffers from 39 cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-1599
SHA-256 | 961daed8a9749ebb2b59813783d112dd418b4d19e5ea17054f90aa7c8fc1c761
Gentoo Linux Security Advisory 201403-01
Posted Mar 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-1 - Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. Versions less than 33.0.1750.146 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928, CVE-2013-2931, CVE-2013-6621, CVE-2013-6622, CVE-2013-6623, CVE-2013-6624, CVE-2013-6625, CVE-2013-6626
SHA-256 | 6fa193b11bae1a8711011022a473afc87d63e850dbd09992219cf1b7d49ec730
IPSet Bash Completion 2.5
Posted Mar 5, 2014
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Various bug fixes and inclusion of support for the new options "markmask", "forceadd" and the new set type "hash:ip,mark".
tags | tool, shell, firewall, bash
systems | linux, unix
SHA-256 | f8a99f1f281854c1e5c01b4aa59859cf3de9cee3bc2e9126bb0e069789075473
Glambombworld PHP Clone Script Header Injection
Posted Mar 5, 2014
Authored by indoushka

Glambombworld PHP Clone Script suffers from a header injection vulnerability. Warning: viewing the demo site is not safe for work.

tags | exploit, php
SHA-256 | f57354df099e3a205d21612ed8b2299b04739e5da4e01ed5c8497b9926512e92
Windows Escalate UAC Protection Bypass (In Memory Injection)
Posted Mar 5, 2014
Authored by David Kennedy, Ben Campbell, mitnick, mubix | Site metasploit.com

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected, (use x64 for SYSWOW64 systems also).

tags | exploit, shell
systems | windows
SHA-256 | 2af1863cdb30bfd4736972507c329a2bdd36de75f1f53ed9dba7e1b9c141c5d9
ALLPlayer M3U Buffer Overflow
Posted Mar 5, 2014
Authored by Gabor Seljan, metacom, Mike Czumak | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows
advisories | OSVDB-98283
SHA-256 | 3024048d0a34139924bf86ad54652b2205faa11b7eda9905b10fe7256e77bd1e
Red Hat Security Advisory 2014-0249-01
Posted Mar 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0249-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | 3787b02c2694cb97d3e446074a2140a66abbac75c5b4d76794db3b0e7791e13f
Ubuntu Security Notice USN-2127-1
Posted Mar 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2127-1 - Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-0092
SHA-256 | d993f7ca19f48ae97e6efa1f068cac1e38adac6d808387d1c7002cb567aff191
Apache Cordova 2.9.0 File-Transfer Insecure Defaults
Posted Mar 5, 2014
Authored by Neil Bergman

Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 and Cordova File-Transfer iOS standalone plugin (org.apache.cordova.file-transfer) versions 0.1.0 to 0.4.1 suffers from file-transfer insecure default settings.

tags | advisory
systems | ios
advisories | CVE-2014-0072
SHA-256 | d06bcc2c1a60bed13d3d16b9c58407e36f9a922e09a29f8737855698ce7ee2a3
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close